CVE-2024-35806

Summary

In the Linux kernel, the following vulnerability has been resolved:

soc: fsl: qbman: Always disable interrupts when taking cgr_lock

smp_call_function_single disables IRQs when executing the callback. To prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere. This is already done by qman_update_cgr and qman_delete_cgr; fix the other lockers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < b56a793f267679945d1fdb9a280013bd2d0ed7f9affected
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < 62c3ecd2833cff0eff4a82af4082c44ca8d2518aaffected
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < dd199e5b759ffe349622a4b8fbcafc51fc51b1ecaffected
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < e6378314bb920acb39013051fa65d8f9f8030430affected
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < a62168653774c36398d65846a98034436ee66d03affected
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < 0e6521b0f93ff350434ed4ae61a250907e65d397affected
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < 276af8efb05c8e47acf2738a5609dd72acfc703faffected
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < af25c5180b2b1796342798f6c56fcfd12f5035bdaffected
LinuxLinux96f413f47677366e0ae03797409bfcc4151dbf9e < 584c2a9184a33a40fceee838f856de3cffa19be3affected
LinuxLinuxa85c525bbff4d7467d7f0ab6fed8e2f787b073d6affected
LinuxLinux29cd9c2d1f428c281962135ea046a9d7bda88d14affected
LinuxLinux5b10a404419f0532ef3ba990c12bebe118adb6d7affected
LinuxLinux4.9.92 < 4.10affected
LinuxLinux4.14.32 < 4.15affected
LinuxLinux4.15.15 < 4.16affected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux4.19.312 <= 4.19.*unaffected
LinuxLinux5.4.274 <= 5.4.*unaffected
LinuxLinux5.10.215 <= 5.10.*unaffected
LinuxLinux5.15.154 <= 5.15.*unaffected
LinuxLinux6.1.84 <= 6.1.*unaffected
LinuxLinux6.6.24 <= 6.6.*unaffected
LinuxLinux6.7.12 <= 6.7.*unaffected
LinuxLinux6.8.3 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References